Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.
Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.
Have a read through. It definitely relates to GDPR (and even the Right to be Forgotten). Those are our accounts, linked to our emails. It is content we generate (even Reddit admits the content is owned by the creator). So if I want to delete everything and leave no trace I should be able to.
https://www.cyberghostvpn.com/en_US/privacyhub/how-to-delete-reddit-account/
That’s debatable. Sure. my account doesn’t actually contain my name and address, but it contains almost 14 years of posts and comments. Through the years I’ve probably let slip enough small pieces of information about myself that a motivated person would be able to identify me. This would still make it identifiable information.
Sure. my account doesn’t actually contain my name and address, but it contains almost 14 years of posts and comments.
Agreed. If a person’s speaking voice falls under the GDPR (as I have found out being a phonetician and hence doing research on it), surely opinions and comments taken not individually but as a cumulated mass must do so too.
Do you understand how trivial it is to anonymize the data so it can still be used and monetized?
How exactly do you trivially remove all references to the physical, physiological, genetic, mental, economic, cultural or social identity of the person posting?
This is the bar you’d have to clear to ensure someone’s comment history were anonymized per GDPR, miss a single one of these factors and your anonymous data is now reversible and thus infringing.
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics
By definition commenting reddit users are covered, even if they haven’t posted anything otherwise identifying – but most have either way.
That’s not what an “online identifier” is under GDPR. Those are RFID tags, cookies, device fingerprints, IP addresses, etc: https://gdpr-info.eu/recitals/no-30/
please don’t state things if you don’t know what you’re talking about. it absolutely applies. it’s a personalized account, with a personalized email address – this is the core of GDPR. it might not apply cause reddit is not within the legislation of the EU. maybe.
I do - I work with this daily. It would be a massive uphill battle to even prove in a court that your whole post history is considered “identifying”. It’s a case-by-base basis. On top of that, your data could still be easily stored and simply no longer associated with your email (but still can be kept if the previous cannot be proven about identification). Then this would have to be tested, on a that same case-by-case basis, for every single user that made a request.
To quote yourself, “please don’t state things if you don’t know what you’re talking about.”
Doesn’t matter, they’ll be fined and if they refuse to pay they’ll not be allowed to operate in the EU
Yes it is, as pointed out here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-140833 and here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-141285
These links are just going to the same post we are on? It’s not linking to specific comments for me.
Looks like comment link redirection isn’t quite working. Let me just copy over the comment text for now:
Well, people have reported Twitter for failing to remove their tweets and places like the ICO are now actively investigating Twitter over this failure, see https://www.wired.co.uk/article/delete-twitter-dms-gdpr
Someone posted not too long ago that a person who was part of Twitter’s group over the GDPR - pre Musk - said the lawyers came to the conclusion that tweets were protected under the GDPR.
I believe it’s less straightforward than that. Under GDPR, consent can be withdrawn, you can’t give an irrevokable consent.
And from https://mstdn.games/@chris/110553477682106144
Presumably falls under right to erasure (art 17,19 of GDPR). You’ve withdrawn your consent, so if it isn’t exempt under legal obligation, public health, scientific research etc then that’s it, really. I guess there might be brave souls who argue that posts on Reddit sometimes don’t qualify as or contain personal data, but that would seem irrelevant unless someone is painstakingly anonymising the dataset on a case by case basis, which they surely aren’t.
Also, it looks like Twitter may be in some trouble, for failing to delete DMs under the GDPR, see https://techcrunch.com/2023/02/08/elon-musk-twitter-dm-deletion/
Surely, if twitter DMs fall under the GDPR, so do Reddit posts and comments (and note that it’s the content of the DMs, and not the personal identifiers, and that the DMs are requested to be deleted from e.g. receipients inboxes as well).
Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
For most people, GDPR probably applies to at least some of their comments on Reddit.
Yes it is, as pointed out here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-140833 and here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-141285
And also see https://kbin.social/m/reddit@lemmy.ml/t/34167/Reddit-is-restoring-deleted-posts#entry-comment-141186
If a user is commenting they have an online identifier and are thus covered. If a user has ever referenced their relationship status, location or any physical descriptor they are covered. The GDPR – it applies.
That’s not what an “online identifier” is under GDPR. Those are RFID tags, cookies, device fingerprints, IP addresses, etc: https://gdpr-info.eu/recitals/no-30/
Usernames are online identifiers:
A non-exhaustive list is included in Recital 30
An individual’s social media ‘handle’ or username, which may seem anonymous or nonsensical, is still sufficient to identify them as it uniquely identifies that individual. The username is personal data if it distinguishes one individual from another regardless of whether it is possible to link the ‘online’ identity with a ‘real world’ named individual.